CVE-2024-1528

CMS Made Simple 2.2.14 is reported to be vulnerable to Cross-Site Scripting through /admin/moduleinterface.php due to insufficient encoding of user-controlled input in multiple parameters. The issue is exploitable to deliver a crafted JavaScript payload to an authenticated user, with potential se...

Exploit for CVE-2024-28741

NorthStar C2 agent RCE via stored XSS Agent RCE PoC for CVE-20...

NorthStar C2 Agent 1.0 Cross Site Scripting / Remote Command Execution

Exploit Title: NorthStar C2 agent RCE via stored XSS Date: 2024-03-11 Exploit Author: @chebuya Software Link: https://github.com/EnginDemirbilek/NorthStarC2 Version: v1.0 Tested on: Ubuntu 20.04 LTS CVE: CVE-2024-28741 Description: NorthStar C2 applies insufficient sanitization on agent...

NorthStar C2 Agent 1.0 Cross Site Scripting / Remote Command Execution Exploit

NorthStar C2 agent version 1.0 applies insufficient sanitization on agent registration routes, allowing an unauthenticated attacker to send multiple malicious agent registration requests to the teamserver to incrementally build a functioning javascript payload in the logs web page. This cross sit...

CVE-2024-2319

Cross-Site Scripting XSS vulnerability in the Django MarkdownX project, affecting version 4.0.2. An attacker could store a specially crafted JavaScript payload in the upload functionality due to lack of proper sanitisation of JavaScript elements...

CVE-2024-2319

Cross-Site Scripting XSS vulnerability in the Django MarkdownX project, affecting version 4.0.2. An attacker could store a specially crafted JavaScript payload in the upload functionality due to lack of proper sanitisation of JavaScript elements...

CVE-2024-2319 Cross-Site Scripting vulnerability in Django MarkdownX

Cross-Site Scripting XSS vulnerability in the Django MarkdownX project, affecting version 4.0.2. An attacker could store a specially crafted JavaScript payload in the upload functionality due to lack of proper sanitisation of JavaScript elements...

CVE-2024-2319

The CVE-2024-2319 entry corresponds to a Cross-Site Scripting (XSS) vulnerability in Django MarkdownX, affecting version 4.0.2. The issue arises from insufficient sanitisation of JavaScript elements in the upload functionality, enabling an attacker to store a crafted JavaScript payload. Documente...

CVE-2024-2319 Cross-Site Scripting vulnerability in Django MarkdownX

Cross-Site Scripting XSS vulnerability in the Django MarkdownX project, affecting version 4.0.2. An attacker could store a specially crafted JavaScript payload in the upload functionality due to lack of proper sanitisation of JavaScript elements...

CVE-2024-2245

Cross-Site Scripting vulnerability in moziloCMS version 2.0. By sending a POST request to the '/install.php' endpoint, a JavaScript payload could be executed in the 'username' parameter...

CVE-2024-2245

Cross-Site Scripting vulnerability in moziloCMS version 2.0. By sending a POST request to the '/install.php' endpoint, a JavaScript payload could be executed in the 'username' parameter...

Cross site scripting

Cross-Site Scripting vulnerability in moziloCMS version 2.0. By sending a POST request to the '/install.php' endpoint, a JavaScript payload could be executed in the 'username' parameter...

CVE-2024-2245 Cross-Site Scripting vulnerability in moziloCMS

Cross-Site Scripting vulnerability in moziloCMS version 2.0. By sending a POST request to the '/install.php' endpoint, a JavaScript payload could be executed in the 'username' parameter...

moziloCMS Cross-Site Scripting Vulnerability

moziloCMS is an open source content management system CMS. It is targeted at users with little knowledge of HTML and is impressive for its beginner-friendly operation. A cross-site scripting vulnerability exists in moziloCMS version 2.0, which originates from an attacker executing a JavaScript...

CVE-2024-2211

Cross-Site Scripting stored vulnerability in Gophish affecting version 0.12.1. This vulnerability could allow an attacker to store a malicious JavaScript payload in the campaign menu and trigger the payload when the campaign is removed from the menu...

Cross site scripting

Cross-Site Scripting stored vulnerability in Gophish affecting version 0.12.1. This vulnerability could allow an attacker to store a malicious JavaScript payload in the campaign menu and trigger the payload when the campaign is removed from the menu...

CVE-2024-2188

Cross-Site Scripting XSS vulnerability stored in TP-Link Archer AX50 affecting firmware version 1.0.11 build 2022052. This vulnerability could allow an unauthenticated attacker to create a port mapping rule via a SOAP request and store a malicious JavaScript payload within that rule, which could...

Cross site scripting

Cross-Site Scripting XSS vulnerability stored in TP-Link Archer AX50 affecting firmware version 1.0.11 build 2022052. This vulnerability could allow an unauthenticated attacker to create a port mapping rule via a SOAP request and store a malicious JavaScript payload within that rule, which could...

CVE-2024-2188 Cross-Site Scripting vulnerability in TP-Link Archer AX50

Cross-Site Scripting XSS vulnerability stored in TP-Link Archer AX50 affecting firmware version 1.0.11 build 2022052. This vulnerability could allow an unauthenticated attacker to create a port mapping rule via a SOAP request and store a malicious JavaScript payload within that rule, which could...

CVE-2024-2078

A Cross-Site Scripting XSS vulnerability has been found in HelpDeskZ affecting version 2.0.2 and earlier. This vulnerability could allow an attacker to send a specially crafted JavaScript payload within the email field and partially take control of an authenticated user's browser session...